Abstract: Systems and methods of the present invention provide for one or more server computers communicatively coupled to a network and configured to: receive a request for the change key; generate the change key; separate the change key into a plurality of divisions; transmit each of the plurality of divisions to a designated contact; determine whether the plurality of divisions is received by the server computer; and if so, combine the plurality of divisions into the change key; and update the domain name.

Abstract: Methods and systems for preventing revocation denial of service attacks are disclosed and may include receiving and decrypting a command for revoking a secure key utilizing a hidden key, and revoking the secure key upon successful verification of a signature. The command may comprise a key ID that is unique to a specific set-top box. A key corresponding to the command for revoking the secure key may be stored in a one-time programmable memory, compared to a reference, and the security key may be revoked based on the comparison. The command for revoking the secure key may be parsed from a transport stream utilizing a hardware parser. The method and system may also comprise generating a command for revoking a secure key. The command may be encrypted and signed utilizing a hidden key and may comprise a key ID that is unique to a specific set-top box.

Abstract: Described herein are techniques related to shielding data in transit and in memory. A method and system for shielding data in transit and in memory may include using a transformation knowledge key (TKK). For shielding data in transit, the TKK is configured to include a splitting algorithm component that is configured to split a message into N segments of shielded data and route the N segments via M communications paths, where M and N are integers greater than 1. For shielding data in memory, the memory is segmented into M memory blocks. The splitting algorithm component of the TKK is configured to split data into N segments of shielded data and store the N segments of shielded data in the M memory blocks. The TKK is reused to unshield and reconstruct the original message or the data from the N segments of shielded data.

Abstract: The invention relates to a method of authenticating a user of a first device while accessing a service offered by a service provider, the first device forming part of a group of devices in a local network that includes a second device of a user having an identification module for identifying and authenticating the user with the service, the method being characterized in that it comprises a prior broadcast step during which the second device broadcasts to the first device its ability to supply proof of an authentication, and in that, when the first device seeks to authenticate itself, the method further comprising: a request step (ET14, ET22) requesting the second device for proof of successful authentication with the service, the proof including the identity of the user of the second device; a transmission step (ET16, ET23) of the second device transmitting the proof to the first device; and an authentication step (ET18, ET25) of authenticating the user of the first device on the basis of the received proo

Abstract: Solution for autonomously securing the use of a portable drive with a computer network. A data store is written and maintained that contains entries corresponding to a plurality of portable drives initialized for use with the computer network, each entry corresponding to at least one identifiable drive. Events are monitored as they occur on the computer network involving use of each of the plurality of portable drives. Predefined security policy determination criteria is applied, which can include drive mobility assessment criteria and drive content sensitivity criteria, to determine a drive-specific security policy for each one of the plurality of portable drives. A set of at least one policy enforcement action is executed that corresponds to a determined drive-specific security policy in response to detected usage activity for each one of the plurality of portable drives.

Abstract: When a pre-determined time period has elapsed after a user access is last detected, a mobile device performs protection processing on account-related information. The mobile device includes an access detection unit that detects that a user accesses the mobile device, and a time period determination unit that determines whether or not a pre-determined time period has elapsed from a last user access time point at which the user last accessed the mobile device. The mobile device further includes a storage location acquisition unit that acquires a location in the data storage unit in which the account-related information is stored, and a protection unit that performs the protection processing on the account-related information based on the storage location of the account-related information acquired by the storage location acquisition unit, when the time period determination unit determines that a pre-determined time period has elapsed from the last user access time point.

Abstract: A method for querying a knowledgebase of malicious hosts numbered from 1 through N. The method includes providing a network of computers, which has a plurality of unknown malicious host machines. In a specific embodiment, the malicious host machines are disposed throughout the network of computers, which includes a worldwide network of computers, e.g., Internet. The method includes querying a knowledge base including a plurality of known malicious hosts, which are numbered from 1 through N, where N is an integer greater than 1. In a preferred embodiment, the knowledge base is coupled to the network of computers. The method includes receiving first information associated with an unknown host from the network; identifying an unknown host and querying the knowledge base to determine if the unknown host is one of the known malicious hosts in the knowledge base. The method also includes outputting second information associated with the unknown host based upon the querying process.

Abstract: Disclosed are a method, device and apparatus for acquiring the security state of a mobile terminal, which belong to the field of computers. The method includes: acquiring state information about key indicators preset by a mobile terminal; conducting a security level assessment on each key indicator through assessment policies corresponding to each of the preset key indicators, according to the state information about the key indicators, to obtain a first assessment result; and endowing each key indicator with a specific weight value, conducting an overall level assessment on the overall security state of the mobile terminal, and according to the weight value of each of the key indicators and the first assessment result of each of the key indicators, to obtain a second assessment result expressing the overall security state of the mobile terminal. The device includes: an acquiring module, a first assessment module and a second assessment module.

Abstract: The invention relates to a method for managing non-volatile memory space in a secure processor comprising a secure non-volatile internal memory, the method comprising steps of: selecting data elements to remove from the internal memory, generating, by the secure processor, a data block comprising the selected data elements, and a signature computed from the selected data elements using a secret key generated by the secure processor, transmitting the data block by the secure processor, and storing the transmitted data block in an external memory.

Abstract: The embodiment of the present document provides an authentication method, an authentication apparatus and an authentication device. The method includes: a first device determining an authentication preparation parameter; and according to the authentication preparation parameter, the first device transmitting a first authentication control message including a first device identifier stored in the first device to a second device with a second device identifier, controlling the second device to judge whether the first device identifier matches the second device identifier according to the first authentication control message, obtaining a judgment result, and when the judgment result is NO, performing a control operation to disable the second device from reading all or some user data from the first device.

Abstract: Systems and methods for restricting application binary interfaces. An example method may comprise: initializing, by a process spawned by a kernel of an operating system running on a computer system, a system call filter inhibiting at least one type of application binary interface (ABI) calls; receiving a system call issued by a user space program executed by the computer system; intercepting the system call by the system call filter; determining that the system call is disabled by the system call filter; and performing a pre-determined action with respect to the system call.

Abstract: A computer implemented method, apparatus, and program code for detecting malicious software components. A series of calls made by a software component is monitored to identify an identified respective series of call types to components named in said calls. A determination is made as to whether the identified respective series of call types to components named in said calls is indicative of malicious behavior.

Abstract: A system and method for providing secure message services. The system includes a forwarding service to receive message for delivery to a recipient. The system checks for preferences for delivery of the message content including encryption preferences and notifies the recipient or delivers the message according to the encryption preferences. The system includes an interoperability engine to determine delivery preferences including security preferences, the security preferences indicating a security protocol by which the message can be securely delivered to the recipient.

Abstract: Technologies for secure inter-virtual network function communication include a computing device to determine a cryptographic key for secure communication over at least one of an inter-virtual network function (VNF) network, an inter-virtual network function component (VNFC) network, or a VNF-VNFC network based on a security policy of the computing device; and. The computing device securely communicates over at least one of the inter-VNF, inter-VNFC, or VNF-VNFC network based on the determined cryptographic key.

Abstract: A method of obtaining descrambling information at a receiver, the descrambling information for enabling descrambling of scrambled content. A provider verification key is used to access a software image, which has been secured by a provider using a provider signature key corresponding to the provider verification key. A secured version of the descrambling information is received. The accessed software image is used to obtain virtual descrambling information from the secured version of the descrambling information and is provided as inputs to a cryptographic function to produce a given output comprising said descrambling information.

Abstract: The embodiments described herein relate to security verification systems and methods. In some aspects, there is provided a security verification server comprising a server processor. The server processor is adapted to provide at least one account identifier, receive at least one command for execution, determine whether to activate one or more available additional permission sets to execute the received command, and if it is determined that one or more additional permission sets should be activated to execute the received command, activate those permission sets by executing the security verification processes associated therewith.

Abstract: A method and apparatus for providing access of a user equipment to a data network via a wireless communication system is provided.

Abstract: Disclosed herein are techniques for obscuring Internet tendencies. It is determined whether a user tends to access a category of information over the Internet more than an average user. If the user accesses the category of information over the Internet more than the average user, a user profile associated with the user is adjusted such that the user profile is proportional to an average user profile associated with the average user.

Abstract: A data-firewall system blocks sensitive data from becoming available outside a protected space. During operation, the system can obtain an interest from a requesting entity. The requesting entity can include, for example, a software application running on a local computer, a computing device of an Enterprise environment, or a computing node of a computer cluster. Also, the interest can include a location-independent structured name associated one or more data items. When the system obtains the data associated with the location-independent structured name, the system proceeds to obtain a policy associated with the data, and to determine a context for the interest. Then, if the system determines that the requesting entity is within a protected space, as determined based on the policy and the context, the system forwards the data to the requesting entity.

Abstract: A method begins with a processing module receiving a data retrieval request and obtaining a real-time indicator corresponding to when the data retrieval request was received. The method continues with the processing module determining a time-based data access policy based on the data retrieval request and the real-time indicator and accessing a plurality of dispersed storage (DS) units in accordance with the time-based data access policy to retrieve encoded data slices. The method continues with the processing module decoding the threshold number of encoded data slices in accordance with an error coding dispersal storage function when a threshold number of the encoded data slices have been retrieved.